The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Its core purpose is to help organizations improve their software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

Applied Cybersecurity, Incident Response and Forensics

This five-day hands-on course is designed to increase the knowledge and skills of technical staff charged with administering and securing information systems and networks. Security topics such as vulnerability assessment, systems administration, network monitoring, incident response, and digital forensics will offer a comprehensive defense-in-depth experience. Each participant will have direct administrative access to a wide variety of networked systems (Windows, Linux and Cisco), which will be modified and instrumented throughout the course. Instruction will consist of individual labs and team-based exercises modeled from real-world threat scenarios.

DevOps in Practice Workshop

This DevOps workshop is intended to offer a comprehensive, hands-on review of DevOps topics and process, and to identify techniques for project planning, development, and deployment from start to finish. Specifically, this workshop will expose attendees to reference architectures and hands-on experience with Continuous Integration (CI) tools and practices, including technical demonstrations and practical scenarios. Students who attend the workshop will be provided a Certificate of Completion and also be awarded 0.5 CEUs.

Information Security for Technical Staff

This five-day course is designed to provide participants with practical techniques for protecting the security of an organization's information assets and resources, beginning with concepts and proceeding on to technical implementations. The course focuses on understanding and applying the concept of survivability through the effective management of risk, threats, policy, system configuration, availability, and personnel. The course also provides a technical foundation for working with TCP/IP security and cryptography. The final section of the course helps participants learn to design a secure network architecture managing host systems, securing network services and infrastructure, working with firewalls, and understanding functions of a security operations center.

Information Security for Technical Staff - eLearning

The course focuses on understanding and applying the concept of survivability through the effective management of risk, threats, policy, system configuration, availability, and personnel. The course also addresses incident response and provides a technical foundation for working with TCP/IP security and cryptography. The final section of the course helps participants learn to design a secure network architecture managing host systems, securing network services and infrastructure, working with firewalls, and understanding intrusion detection and prevention.

This three-day course begins with a brief review of the conceptual foundations of information security. Next, students will be introduced to the CERT Defense-in-Depth Framework: eight operationally focused and inter-dependent management components which will be synergistically applied to a fictitious organization's Information Technology (IT) enterprise. Through lectures, demonstrations, scenario-based exercises, small group activities and open discussions, students will learn high-level best practices for effectively integrating each of these eight components into all aspects of IT operations. Further, the course scenario is used extensively to reinforce these best practices with technical information security implementations.

Secure Coding in C and C++

Secure Coding in C and C++ provides practical advice on secure practices in C and C++ programming. Producing secure programs requires secure designs. However, even the best designs can lead to insecure programs if developers are unaware of the many security pitfalls inherent in C and C++ programming.
This course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation.

Secure DevOps Process and Implementation

This 4.5 hour virtual, asynchronous course is designed for managers, developers and operational teams to offer a comprehensive training on DevOps principles and process, and to identify techniques for project planning, development, and deployment from start to finish. Specifically, this course will expose attendees to reference architectures and uses cases on Continuous Integration (CI) tools and practices, including technical demonstrations and practical scenarios.

CERT Secure Coding in C and C++ Professional Certificate

CERT Secure Coding in Java Professional Certificate

The CERT Secure Coding in Java Professional Certificate provides software developers with practical instruction based upon the CERT Secure Coding Standards. The CERT Secure Coding team teaches the essentials of designing and developing secure software in Java. Completion of this Professional Certificate will enable software developers to increase security and reduce vulnerability within the Java programs they develop.

Secure Coding in Java

This four-day course provides a detailed explanation of common programming errors in Java and describes how these errors can lead to code that is vulnerable to exploitation. The course concentrates on security issues intrinsic to the Java programming languages and associated libraries. The intent is for this course to be useful to anyone involved in developing secure Java programs regardless of the specific application.

Security Requirements Engineering Using the SQUARE Method

In this workshop we will present an overview of security requirements engineering and the SQUARE methodology. Then we will go through the SQUARE steps in detail. For each step, students will participate in a team case study.

Software Assurance Methods in Support of Cyber Security

This workshop is focused on four critical software assurance areas: security requirements, software supply chain assurance, mission thread analysis, and measurement. The purpose of this course is to expose managers, engineers, and acquirers to concepts and resources available now for their use to address software security assurance across the acquisition and development life cycles.

Vulnerability Response Capability Development

This one-day course is designed for managers and project leaders who are trying to respond to vulnerabilities reported in their products. This course will provide a high-level overview of the key issues, processes, and decisions that must be made to build your organization's vulnerability response capability. As part of the course, attendees will develop an action plan that can be used as a starting point in planning and implementing their vulnerability response capability.